The above video goes away if you are a member and logged in, so log in now!
Oh hold on, the script you posted which does the entire package right? You know the part where another window pops up and says it is decrypting the eboot? Straight after the eboot it says it is decrypting the self file
Edit.. Yeah doesn't work I guess it doesn't actually encrypt the self file even though it says it does. Also I tried the new script you posted and it now gives the error about the header. It is a shame I am trying the update for the game "Rage".
Updated the Re-encrypt script, it now handles spaces in the path and I have improver the final package naming.
Original package name is now not changed and the created package is the same a the original with a '-3.4' on the end.
Turns out the decrypting of self and sprx files (or failure there of) is not a bug or lack of feature in scetool. It can already do it.
The self is encrypted with a klicense key, which when the eboot.bin loads the self it decrypts it. So the klicense key is in the eboot.bin. So once the eboot.bin is decrypted to the eboot.elf we can brute force search for the klicense key.
We then give this to scetool like this: (example is BCES00938 SOCOM: Special Forces)
scetool -l 08727df80102030431c855b900000101 -d s4_g.self s4_g.elf
It will then decrypt it.
Other example I brute forced is
Portal 2 19089cbaf948487f9530832bf477b369
This is as far as I have got so far, we then need to re-encrypt it and put it back in the package file. Just like we do with the EBOOT.BIN.
Just thought I would share where I am up to.
@Elissa I am trying to brute force Rage as we speak to get the klicense.
offset 0x1978b20 into boot.elf for Rage (BLES01377)
you find the klicense key:
So to decrypt patch.elf in Rage use
scetool -l 58a4badb96035258c54dde01f210cbdd -d patch.self patch.elf
Also remember when you re-encrypt the elf to self/sprx you need to include the -l 58a4badb96035258c54dde01f210cbdd.
Last edited by oakhead69; 08-11-2012 at 02:57 PM.
does this mean i can patch a 3.60 game on my own?
oakhead69 Thank you so much for this such information, i make a pkg for the lasted patch of Black Ops 1.13 for 3.55
but i have a problem, multiplayer side doesn't work... i have a blackscreen and i don't know why!...
Solo and Zombie seems to work without bugs. I've tested uncompressed selfs too... doesn't working :x
I don't know what to do else.
Klicense BLES01031 Blackops Patch 1.13: AF0A8F0A8909F09234091AFADF909AF0
i can send the pkg in PM if you want inspect my work, i can't post link i'm new member...
Tested on cfw 3.55 TB v2
Thanks in advance
PS: Sorry for my bad english
Could this then be my problem I at having in this thread with portal 2??? - http://psx-scene.com/forums/f187/portal-2-a-105281/ (Portal 2)
Originally Posted by oakhead69
The fixed has several sprx files that need replaced as well as the EBOOT. (this was odd to me at first but I read some games do need sprx files pacthed/replaced)
The game locks up at that point because the sprx's that are being loaded at that time are not properly decrypted?
@YoYouBalls - yes that's exactly it
@oakhead69 - Would you mind sharing the script you're using to brute-force the klicense? I get what you're saying but I don't want to get into doing a base-16 number generator if you've already got a working method
Ok cool thanks for the speedy reply - glad I figured it out.
I'm about to check out the PSFR33 patch that was talked about on that thread. Give me a minute and I'll let you know if it works
Edit: I tried it with my TB patched copy and I get a spinning yellow warning sign. I'm going to try to redump the game clean and try again. I've never seen that warning logo. It's not a Sony one, so they might be junk patches